Adding optional Google Sign-In to my Spring Boot + Security + web application
I am developing a Spring Boot web application. I am currently building a registration and login system using Spring Security and a custom userDetailService. Now I want to add a registration and login system that uses Google accounts. I created my Google API keys and added them to application.properties. I don't think it is necessary to use a .yml properties file here:
# ===============================
# = OAUTH2
# ===============================
security.oauth2.client.client-id=clientId Here
security.oauth2.client.client-secret=clientSecret here
security.oauth2.client.access-token-uri=https://www.googleapis.com/oauth2/v3/token
security.oauth2.client.user-authorization-uri=https://accounts.google.com/o/oauth2/auth
security.oauth2.client.token-name=oauth_token
security.oauth2.client.authentication-scheme=query
security.oauth2.client.client-authentication-scheme=form
security.oauth2.client.scope=profile
security.oauth2.resource.user-info-uri=https://www.googleapis.com/userinfo/v2/me
security.oauth2.resource.prefer-token-info=false
I added OAuth2 support to my Spring Boot application in the following way:
@SpringBootApplication
@EnableOAuth2Sso
public class WebApplication {
    public static void main(String[] args) {
        SpringApplication.run(WebApplication.class, args);
    }
}
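Now I want to keep the possibility of logging in either with Google or with a website account, but I have only found guides about a single login or multi-provider login (Facebook, Google, Twitter…).
In my Spring Security configuration class I have this. I think I have to create an authenticationProvider for Google and link it to the Google access URL in my application, but I am confused about this: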
@Autowired
public void configureGlobal(AuthenticationManagerBuilder auth) throws Exception {
    /**
     * We obtain the persistence information
     */
    // @formatter:off
    auth
        //.authenticationProvider(googleOauth2AuthProvider())
        .userDetailsService(userDetailsService)
        .passwordEncoder(bCryptPasswordEncoder);
    // @formatter:on
}
...
@Override
protected void configure(HttpSecurity http) throws Exception {
    String[] anonymousRequest = { urls};
    http
        .authorizeRequests()
        //..other rules
You can achieve this using Spring Social or OAUTH2. If you want to use Spring Social, be aware that Google is not supported by default in Spring Boot Social, so you have to do two extra steps:
<dependency>
    <groupId>org.springframework.social</groupId>
    <artifactId>spring-social-google</artifactId>
    <version>1.0.0.RELEASE</version>
</dependency>
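Update application.properties with your Google API keys.
Hope that helps.
If you want to do this with OAUTH2, you have to use a composite filter in which you configure the authentication providers you need, for example: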
private Filter ssoFilter() {
    CompositeFilter filter = new CompositeFilter();
    List<Filter> filters = new ArrayList<>();
    filters.add(ssoFilter(facebook(), "/login/facebook"));
    filters.add(ssoFilter(google(), "/login/google"));
    filter.setFilters(filters);
    return filter;
}

private Filter ssoFilter(ClientResources client, String path) {
    OAuth2ClientAuthenticationProcessingFilter oAuth2ClientAuthenticationFilter =
            new OAuth2ClientAuthenticationProcessingFilter(path);
    OAuth2RestTemplate oAuth2RestTemplate = new OAuth2RestTemplate(client.getClient(), oauth2ClientContext);
    oAuth2ClientAuthenticationFilter.setRestTemplate(oAuth2RestTemplate);
    UserInfoTokenServices tokenServices = new UserInfoTokenServices(client.getResource().getUserInfoUri(),
            client.getClient().getClientId());
    tokenServices.setRestTemplate(oAuth2RestTemplate);
    oAuth2ClientAuthenticationFilter.setTokenServices(tokenServices);
    return oAuth2ClientAuthenticationFilter;
}
And:
Finally, add the filter before BasicAuthenticationFilter in your HTTP security configuration:
@Override
protected void configure(HttpSecurity http) throws Exception {
    String[] anonymousRequest = { urls};
    http
        .authorizeRequests()
        //..other rules
        .addFilterBefore(ssoFilter(), BasicAuthenticationFilter.class);
PS: your configuration properties must start with the value specified in @ConfigurationProperties("facebook"):
This is inspired by the following example:
@Bean
@ConfigurationProperties("google")
public ClientResources google() {
    return new ClientResources();
}

@Bean
@ConfigurationProperties("facebook")
public ClientResources facebook() {
    return new ClientResources();
}

class ClientResources {
    @NestedConfigurationProperty
    private AuthorizationCodeResourceDetails client = new AuthorizationCodeResourceDetails();

    @NestedConfigurationProperty
    private ResourceServerProperties resource = new ResourceServerProperties();

    public AuthorizationCodeResourceDetails getClient() {
        return client;
    }

    public ResourceServerProperties getResource() {
        return resource;
    }
}
facebook:
  client:
    clientId: yourCliendId
    clientSecret: yourClientSecret
    accessTokenUri: https://graph.facebook.com/oauth/access_token
    userAuthorizationUri: https://www.facebook.com/dialog/oauth
    tokenName: oauth_token
    authenticationScheme: query
    registeredRedirectUri: http://localhost:8083/app.html
    preEstablishedRedirectUri: http://localhost:8083/app.html
    clientAuthenticationScheme: form
  resource:
    userInfoUri: https://graph.facebook.com/me